Do you have a process for when you believe the passwords or accounts have been compromised?
Section A7: User Access Control · Cyber Essentials Montpellier
What this question is really asking
Describe your process for responding to a suspected account or password compromise. This should include: immediate account suspension or password reset, notification to the affected user, investigation of recent activity, and review of any access the account held. A defined procedure with named responsibility and a timeline is expected.
What satisfies this requirement
Yes or No. Must have an established process for prompt password changes on compromise.
What to prepare before your assessor visit
This procedure needs to be specific and documented before an incident occurs, not written while you're responding to one. The minimum expected response: immediate account suspension, credential reset, notification to the affected user, and a review of account activity during the compromised period. Each step should have a named owner and a maximum response time. Having this written down demonstrates organisational maturity to assessors.
How this question sits across CE versions
Related policy templates
Getting certified means having documentation to back it up. These policy templates cover the controls this question tests.